Computer users (whether at home or at the office) are concerned about their privacy while using their computer and also about the security of their computer. The recent proliferation of computer viruses and other malware has heightened this concern. One particular type of software is able to log the keystrokes and other actions taken by a computer user and is known as key logging software or keylogger software.
Keylogger software is surveillance software that is used to keep a record of user activities on the computer through keystroke logging, screen action logging, mouse movement logging and voice logging. The software is designed to work undetected by the user and has become so powerful that it is a serious threat to the privacy and security of a computer. Keylogger software can be easy to find and install and is sometimes considered legitimate software in certain situations. For example, keylogger software can be easily acquired by browsing the Internet and downloading it for free or by purchasing it at a relatively low price. Keylogger software can be useful to system administrators in some organizations, and even parents might find it beneficial. Surreptitious use of keylogger software, though, is generally considered a threat to computer security.
Keylogger software is able to record and steal sensitive information such as passwords, user names and personal identification numbers. Further, an unscrupulous hacker can find ways to keep running keylogger software from showing up in the task manager of a computer, and keylogger software can be very difficult to detect or track once installed.
Current techniques do not provide an optimal solution for detecting keylogger software. For example, older detection technology is based upon pattern matching and is not able to detect unknown keylogger software. Further, even some commercially available keylogger software is unknowingly treated as a normal application (by detection software or by an administrator or user) even though it is used for malicious purposes. Numerous programs exist for the detection of keylogger software, but they often fail to detect it. One reason is that keylogger software can work in many different ways and can hide itself. For example, some detection programs look for continuous file writing on a hard drive to determine the existence of keylogger software. This approach, though, is not suitable in situations where the keylogger software does not use the hard drive for logging files and instead uses FTP access or another technique. Further, these detection programs often have a very high rate of false positives and are therefore not useful to the end user or system administrator.
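The limits of the continuous-file-writing heuristic described above can be seen by running such a check over a small I/O trace. This is an added example, not code from the original document; the process names, paths, address, thresholds and ground-truth labels are all constructed assumptions.

```python
from collections import defaultdict

# Constructed I/O trace: (seconds, process, operation, target, bytes).
# Process names, paths and the address are made up for this example.
EVENTS = (
    [(t, "disk_logger.exe", "file_write", r"C:\tmp\k.dat", 12) for t in range(0, 60, 2)]
    + [(t, "chat_client.exe", "file_write", r"C:\app\history.log", 40) for t in range(0, 60, 3)]
    + [(t, "net_logger.exe", "net_send", "ftp://203.0.113.5", 300) for t in range(0, 60, 30)]
    + [(5, "installer.exe", "file_write", r"C:\app\setup.bin", 4_000_000)]
)
# Constructed ground truth: True means the sample process is a keylogger.
GROUND_TRUTH = {"disk_logger.exe": True, "net_logger.exe": True,
                "chat_client.exe": False, "installer.exe": False}

def continuous_writers(events, min_writes=10, max_bytes=256, max_gap=5):
    """Flag processes that keep appending small chunks to one file."""
    by_target = defaultdict(list)
    for ts, proc, op, target, size in events:
        # The heuristic only ever looks at small writes to disk.
        if op == "file_write" and size <= max_bytes:
            by_target[(proc, target)].append(ts)
    flagged = set()
    for (proc, _), stamps in by_target.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # "Continuous" = enough writes with no long pause between them.
        if len(stamps) >= min_writes and max(gaps) <= max_gap:
            flagged.add(proc)
    return flagged

def score(flagged, truth):
    """Return (missed keyloggers, benign programs flagged)."""
    missed = sorted(p for p, bad in truth.items() if bad and p not in flagged)
    false_pos = sorted(p for p, bad in truth.items() if not bad and p in flagged)
    return missed, false_pos

if __name__ == "__main__":
    flagged = continuous_writers(EVENTS)
    print("flagged:", sorted(flagged))
    print("missed, false positives:", score(flagged, GROUND_TRUTH))
```

In this trace the check catches the disk-writing sample, misses the one that uploads over FTP, and flags an ordinary application that appends to its own history file.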
A technique is desired that would provide better detection of keylogger software. In particular, a technique is desired that would alert the user in real time when a computer program attempts to install keylogger software or when such software attempts to record events.